McGuireWoods associate Nathanael Williams and partners David Hirsch, Andrew Konia and Todd Beaton authored an “Expert Analysis” column for Law360 on new guidance released by the New York Department of Financial Services (NYDFS) regarding management of cybersecurity risks associated with third-party service providers.
In the Dec. 2, 2025, article, the authors cautioned that while companies may outsource critical technology services, and increasingly do so, they must still retain responsibility for cybersecurity oversight.
“Regulated entities should review and, where necessary, enhance their third-party risk management frameworks to ensure alignment with regulatory expectations and industry best practices,” the authors concluded.
The Law360 analysis covered key themes for business leaders, including regulatory compliance and enforcement, heightened scrutiny of third-party risks, monitoring and oversight, and considerations for selecting and contracting with vendors and terminating third-party service provider relationships. The authors discussed practical implications for regulated entities, such as the importance of board and senior leadership engagement, risk management, proper documentation and regular reviews for improvement of services.
The article was first published on McGuireWoods’ Password Protected blog.